Client ID
Client Secret
Redirect URI
{{nxsys_base_url}}/oauth/authorize?responseType=code&clientId={{client_id}}&redirectUri={{redirect_uri}}&state={{state}}
Parameter | Description |
---|---|
{{nxsys_base_url}} | The Authorization Base URL for the Nxsys API (e.g., https://portal.nxsys.tech). View more information about Base URL and Environments. |
responseType | Set to code to indicate the authorization code grant type, returning an authorization code upon successful user authentication. |
clientId | The unique identifier for the client application, obtained during client registration with Nxsys. Replace {{client_id}} with the actual client ID. |
redirectUri | The URL where the user is redirected after authorization. It must match the URI registered with Nxsys. Replace {{redirect_uri}} with the actual redirect URI. |
state | A unique, randomly generated string to maintain state between the request and callback, helping prevent CSRF attacks. Replace {{state}} with a unique value. |
https://api.nxsys.tech
, a client ID of abc123
, a redirect URI of https://yourapp.com/callback
, and a state of xyz789
, the constructed URL is:https://api.nxsys.tech/oauth/authorize?responseType=code&clientId=NXSYS.ONZEYLYLO38TL9XEBE3JQUPGTYUQMZ7S&redirectUri=https://yourapp.com/callback&state=xyz789
{{client_id}}
, {{redirect_uri}}
, and {{state}}
are replaced with your application-specific values.redirectUri
matches the one registered with Nxsys to avoid authorization errors.redirectUri
specified in the authorization URL. The redirect URL includes a code
parameter containing the authorization code and the state
parameter you provided. The callback URL will have the following structure:{{redirect_uri}}?code={{authorization_code}}&state={{state}}
state
parameter should be a unique, unpredictable value for each authorization request to enhance security.https://yourapp.com/callback
, the callback URL might look like:https://yourapp.com/callback?code=6ac64d880b1a74fd3c1c012973dcb8c4&state=xyz789
state
parameter returned in the callback URL matches the state
value you sent in the authorization URL. If the values do not match, reject the response and do not proceed with the authorization code.code
parameter from the callback URL. This authorization code is a temporary token used to obtain an access token in the next step of the OAuth flow (e.g., via a token exchange request). Store the code securely and use it promptly, as it typically has a short expiration time.